It was discovered that gcab, a Microsoft Cabinet file manipulation tool,is prone to a stack-based buffer overflow vulnerability when extracting.cab files. An attacker can take advantage of this flaw to cause adenial-of-service or, potentially the execution of arbitrary code withthe privileges of the user running gcab, if a specially crafted .cabfile is processed.

For the stable distribution (stretch), this problem has been fixed inversion 0.7-2+deb9u1.